The MCP firewall that intercepts, evaluates, and enforces policy on every AI agent tool call.
EU AI Act compliant · NIS2 ready · 6,330+ tests · <5ms overhead
docker run -p 3000:3000 ghcr.io/paolovella/vellaveto:latest
Four pillars of runtime protection for autonomous AI systems.
Sits between your AI agent and its tools. Every MCP call passes through Vellaveto before execution.
Policy engine scores each request against configurable rules — scope, sensitivity, blast radius.
Allow, deny, or require human approval in real time. No tool call runs without clearance.
Tamper-evident trail with SHA-256 chains, Merkle proofs, and Ed25519 checkpoints for compliance and forensics.
Built for the strictest European regulatory frameworks.
Art 50 transparency marking, Art 10 data governance, Art 12 record-keeping, Art 14 human oversight.
Incident reporting templates (24h/72h/1M), supply chain security, access control, continuous monitoring.
ICT risk management, incident classification, third-party oversight for financial services.
AI management system controls mapped to Vellaveto features.
Automated access review reports, CC6 evidence, trust services criteria mapping.
All 10 OWASP Agentic Application risks mitigated: ASI01-ASI10.
Evaluate a tool call with a single request.
Teams running AI agents that interact with real systems through MCP tool access.
Explore the source, read the docs, or review the license.